Updating/replacing Primary Domain Controller

Windows Server Help

OK, first and foremost I'm not a networking/hardware specialist, so please be patient :-) Here's my current worry...

For the past four years I've been running a small network with one Windows 2003 Server (with Active Directory, DNS and DHCP services - I'm guessing this is the Primary Domain Controller...) and between three and four attached workstations (Windows XP and Windows Vista) and a couple of network printers. I guess you could call the installation basic, but it does what we want it to do - we're a small web development company so the server provides general data storage and also IIS so we can give our customers external access to 'work in progress' web sites through the development. The server also runs SQL 2000 and SQL 2005.

The time has come to upgrade the physical server (it's 5 years old and relatively low spec. hardware wise) and whilst we're at it would like to update the OS to Windows Server 2008 64-bit edition - seems to make sense, but correct me if you disagree.

My initial thoughts were to build the new server, turn the old server off, attach the new server and then attach the workstations to the new server/domain. Whilst I guess this would work, I do know enough to know it's a bit messy and there's probably a better way to do it.

From searching around (particularly in this forum) I believe you can add a second server to the network, and somehow get it to mirror the services on the original server (the Primary Domain Controller), but I have only a vague idea of how to do this and the one thing I want to avoid is killing the existing functional network - we need to be able to work!

Can anyone point me in the right direction - a step by step guide would be a help as, as I say, I'm no network specialist (as you probably have gathered!).

1- Build your new Windows Server 2008, configure the RAID, hard drive etc,
to your needs (Do not add to domain yet) and give it a fixed IP address.
2- Make sure you have a current and valid backup for your data, just in case
something goes wrong.
3 -Make sure your current Active Directory Environment is healthy and
functioning right by running a dcdiag /q at the command prompt, look for any
errors.
3- Prepare your current environment for W2K8. On your current Windows Server
2003 Domain controller, logon with an account that is a member of the schema
Admin, insert the W2K8 disk and run adprep /forestprep and adprep
/domainprep. This will upgrade your schema to w2k8 version 44.
4- Add the new w2k8 machine as a member server to your domain
5- Make the W2K8 a domain controller in your existing domain by running
dcpromo and follow the prompts. Also recommended to install DNS at this
stage if prompted to do so, if not then install DNS immediately after DC promo
is complete. After w2k8 has been promoted as a domain controller, wait for
replication to complete, do a dcdiag /q and look for any errors. At this
time, make W2K8 DC to point to itself for DNS
6- Transfer FSMO Roles to W2K8. If no errors, then move all the FSMO roles
from the W2K3 domain controller to the new W2K8 domain controller.
Instructions to do this can be found here: http://support.microsoft.com/kb/324801
7- Migrate your DHCP from W2K3 to W2K8.
8-Migrate IIS from W2K3 to W2K8 and move web data.
9- Personally, if your old w2k3 server is still functional, I will leave
the SQL 2000 and 2005 on it. If not then migrate to new w2k8
10- At this time, proceed to demote old w2k3 as a domain controller. ( I
will prefer you do this after about 2 weeks, just to make sure that
everything is working as planned.)

Isaac, thank you for taking the time to post such a helpful guide - much appreciated.

I'll post back to let you know how I get on.

Thank you for this. I have installed the Support Tools as suggested and run the diagnostic utilities as suggested with the results being clear.

I have one question, you say "...check that you are running Active Directory Integrated Zone...". I'm afraid I'm not quite sure how to do this. I've opened the DNS Management Console, but that's about as far as I got - sorry. I guess the next likely question is if I'm not, how do I configure it?

!!!NEVER START BEFORE HAVING CREATED AND TESTED A BACKUP OF YOUR DATA/MACHINE!!!

- On the old server open DNS management console and check that you are running
Active directory integrated zone (easier for replication, if you have more
than one DNS server)

- run replmon from the run line or repadmin /showrepl, dcdiag and netdiag
from the command prompt on the old machine to check for errors, if you have
some post the complete output from the command here or solve them first.
For these tools you have to install the support\tools\suptools.msi from the
2003 installation disk.

- run adprep /forestprep and adprep /domainprep and adprep /rodcprep from
the 2008 installation disk against the 2003 schema master, with an account
that is member of the Schema admins, to upgrade the schema to the new version
(44), you can check the version with "schupgr" in a command prompt.

- Install the new machine as a member server in your existing domain

- configure a fixed ip and set the preferred DNS server to the old DNS server
only

- run dcpromo and follow the wizard to add the 2008 server to an existing
domain, make it also Global catalog.

- if you are prompted for DNS configuration choose Yes. If not, install DNS
role after promotion.

- for DNS give the server time for replication, at least 15 minutes. Because
you use Active directory integrated zones it will automatically replicate
the zones to the new server. Open DNS management console to check that they
appear

- if the new machine is domain controller and DNS server run again replmon,
dcdiag and netdiag (copy the netdiag from the 2003 to 2008, will work) on
both domain controllers

And it was all going so well! Windows Server 2008 - 64 bit running nicely, but I have run into a couple problems.

To be fair, I've been a complete idiot, I should have checked compatibility much more closely. I still need to be able to run Windows SQL 2000 and ASP.net 1.1 on this server, and of course, it won't, at least not easily, if at all. The stupid thing is that it never occurred to me to check, I just thought that it would, well, work.

I think I now have three options:

1) Install Windows Server 2003 32-bit on the new hardware (same as the old server).

Hello Neilski,
We all sometimes get caught in the compatibility issues, so don't blame
yourself too bad on that. Before you start thinking of additional hardware,
here are some other options.

I know you can run ASP 1.1 on w2k8 but SQL2000 is a no no. So how about you
still run your web using asp 1.1 on w2k8 and leave the sql2000 on your
existing hardware(I am not sure about the condition of the old w2k3, but if
you migrate everything but the sql2000 that may reduce the workload on that
server for it to be able to handle just sql2000 stuff).

Option 2: If you have enough hard disk space and memory on your new w2k8,
you can use virtualization with Hyper-V (new feature in w2k8) and install
w2k3 and sql2000 on it. That way you don't have to buy any new hardware. You
can read more on Virtualization here:

I had not heard of Hyper-V so will investigate - presumably it's another package I need to buy. I had been looking at VMWare ESXi, but I like the idea of keeping the same family of products. I only have the Standard Edition Windows Server 2008.

I don't think keeping the old machine in service is practical. I think it has a 'mechanical' problem on the Motherboard, as it can be fine for weeks and then suffers a complete hard disk read/write failure (as a result I have become quite good at restore and rebuild!).

The new machine is an HP ML350 G5 (quad-core Xeon with 10GB of RAM) and 4 x 250GB SATA drives running as a logical pair in RAID 1+0 configuration.

It's included, you just need the hardware capable of running it and acquire
the knowledge and skills to use it.

I run several hyper-v VM instances in my dev & demo server with a lot less
horsepower than yours.

Fast disks, lots-o-ram, and an extra NICs should easily accommodate an extra
server or two for your ML350

I think your new machine has enough RAM and disk space to handle
virtualization. I think your current license of w2k8 comes with hyper-v
included, not sure but you can verify with microsoft. If that is the case
you may not have to buy anything else

Server 2008 *Standard* Edition does come with 1+1 licensing. But the first
"one" must be for virtualization services and managing the virtual machines
only. The second "one" is a license for installing a full function instance
of Server 2008 in a Virtual Machine.

With the first instance already running AD and other roles *not* just
limited for Hyper-V services and VM management, he'd still need another
license for his 2003 SQL and IIS VM instance. If the original licensing
allows, he could move it from physical to virtual though.

Step 1
Purchase new HW and OS license windows 2008
configure RAID per your requirements
Install the OS on the new HW and name the server as you wish , Assign static
IP to the new server
Add server to existing domain ( now you have member server)
reboot log into domain ( not to local Server) with correct privileges
click run, type DCpromo and start promoting this server to be the second
domain controller, finish the DCPromo process and reboot
make sure this is DC/GC/DNS ( use AD integrated DNS) and configure the
server TCP/IP correctly. DG/DNS servers to be the
Start transferring all roles from DC one to new 08DC, this includes, DHCP,
WINS, and other services running on top of the first DC
I don't like the idea installing anything on the DC such as SQL to be honest
if budget is allowing you use member server for SQL and leave DC alone by
itself, if not
go for it )-:

Step 2
After moving all the services from old DC to newDC you will be ready to run
DCpromo on the old server to "un-install" active directory.
Make sure you change the DHCP scope options, reflecting with new DC IP
address and DNS WINS etc.

Move all the FSMO roles , it is very easy and being done from GUI
when you are done first thing you need to do is shut down old DC to make
sure nothing is complaining, broke etc.
Turn the DC back and allow the replication to catch up
Run DCPromo uninstall the AD from old server, delete the server object for
the old server from site and services.
reboot the old DC , now it is member server disjoin from domain and do
whatever you want with it.
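
A pre-demotion check for the steps above, as an added example that is not part of any poster's reply: before running DCPromo on the old server, it confirms the schema version, global catalog status, FSMO role holders and a clean dcdiag on the new DC. It assumes Windows PowerShell is installed on the new 2008 server and that it is run there by a domain administrator; `$NewDc` and the role labels are names chosen for this example.

```powershell
# Added example (not from the thread): pre-demotion gate for the old 2003 DC.
# Run on the new 2008 DC as a domain admin. $NewDc defaults to the local host.
param([string]$NewDc = $env:COMPUTERNAME)

$problems = @()
$root     = [ADSI]"LDAP://$NewDc/RootDSE"
$domainNc = [string]$root.defaultNamingContext
$configNc = [string]$root.configurationNamingContext
$schemaNc = [string]$root.schemaNamingContext
$newNtds  = [string]$root.dsServiceName      # NTDS Settings DN of $NewDc

# 1. adprep from the 2008 media should have raised the schema to version 44.
$schemaVersion = [int]([ADSI]"LDAP://$NewDc/$schemaNc").objectVersion.Value
if ($schemaVersion -lt 44) {
    $problems += "Schema objectVersion is $schemaVersion, expected 44"
}

# 2. The new DC must be advertising as a global catalog.
if ([string]$root.isGlobalCatalogReady -ne 'TRUE') {
    $problems += "$NewDc is not yet a ready global catalog"
}

# 3. Every FSMO role must already be held by the new DC.
$roleObjects = @{
    'Schema master'         = $schemaNc
    'Domain naming master'  = "CN=Partitions,$configNc"
    'PDC emulator'          = $domainNc
    'RID master'            = 'CN=RID Manager$,CN=System,' + $domainNc
    'Infrastructure master' = "CN=Infrastructure,$domainNc"
}
foreach ($role in $roleObjects.Keys) {
    $owner = [string]([ADSI]"LDAP://$NewDc/$($roleObjects[$role])").fSMORoleOwner
    if ($owner -ne $newNtds) { $problems += "$role is still held by: $owner" }
}

# 4. dcdiag /q prints only errors, so any non-blank output is a finding.
$diag = & dcdiag /q "/s:$NewDc" 2>&1 | Where-Object { "$_".Trim() }
if ($diag) { $problems += $diag | ForEach-Object { "dcdiag: $_" } }

if ($problems.Count -eq 0) {
    Write-Output "OK: $NewDc holds all roles; the old DC can be demoted."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

A non-zero exit means at least one check failed; each warning names the role, attribute or dcdiag line that needs attention before the old DC is demoted.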

At last I have my Windows Server 2008 64 bit operating system running as a Domain Controller on my network. It is actually installed as a virtual machine on my server running VMWare ESXi.

By following all of your helpful advice and suggestions, the process was fairly painless. This morning I ran DCPROMO on the new 2008 server and all seemed to go well, but I did notice a message that said something about not having an 'authoritative DNS'. The process completed and I assumed that since I only had one previous DNS server (running on the old 2003 server it must be ok - wrongly I suspect!).

After the DCPROMO completed, I opened the DNS manager and noted that the domains appear to have replicated from the w2k3 server. I then ran DCDIAG and DCDIAG /q as suggested in your comments, and I appear to have some problems. I am hoping that someone might steer me in the right direction. The logs are listed below.

Thank you.

DCDIAG /q
Warning: DsGetDcName returned information for \\primus.abl.local, when
we were trying to reach ZEUS.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... ZEUS failed test Advertising
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
   Replicating Directory Changes In Filtered Set
access rights for the naming context: